Web Security | Web Penetration Testing Service

Web Security Company in Kolkata

Web Security Company in Kolkata, Indian Cyber Security Solutions which is a global web application penetration testing service provider. With the ever-growing threat of cyber crime and data loss from SME’s to MNC’s. Cyber security is not only a concern for the top management of the enterprises but should also be high priority for the professionals working in the organization dealing with critical information and intellectual assets of the company. ICSS is proud to be the highest rated web application penetration testing and audit company in Kolkata providing in-depth VAPT (Vulnerability Assessment & Penetration Testing) using both tools based as well as manual testing which to bring out zero false-positive reports for the clients.  



ICSS is proud to have served clients from a varied domain like the hospital industry, government agencies, financial institutions to large e-commerce portals. Experienced penetration testers carry out VAPT process with all the modern technologies which are used in the penetration testing industry. Web Application penetration testing is carried out with prerecession by the team of ethical hackers and penetration testers where we follow the OWASP top 10 vulnerabilities.












Why choose us?  
  • CYBER INSURANCE – 70% of the project cost will be paid back to the client if any cybersecurity incident is recorded & proved on the same scope of work where ICSS had performed the VAPT.


  • VA & PT, not a separate service – ICSS performs both VA- Vulnerability Assessment and PT- Penetration Testing for all clients.


  •  NON-DISCLOSER AGREEMENT (NDA)  the TRUST FACTOR – This agreement states that if any critical data of the client is exposed, tempered or used for any promotional activity without any written consent of the client, ICSS will be held responsible and can be sued in the court of law.  ICSS singes NDA with every client before the audit / VAPT.


  • ZERO False Positive Report GUARANTEED – ICSS provides manual-based testing along with tool-based testing which reduces the false positive report to maximize accurate identification of critical level vulnerabilities.




How Indian Cyber Security Solutions team works?

Indian Cyber Security Solutions being one of the top-rated web security company in Bangalore follows certain steps which are highly important in the business of cybersecurity.

Web Penetration testing VAPT service is a remote service provided by ICSS where our teams of web application penetration testers take the full access of the web based application from our research and development center located in Bangalore and in Kolkata or can be invited by the enterprise at their testing site for the VAPT process.

Indian Cyber Security Solutions aims at providing cyber security VAPT service to clients. Our team of technical experts assesses the critical infrastructure of the enterprise and provides valuable cyber security consultancy to the organizations. ICSS helps the enterprise to implement cyber security measures as per the technical VAPT report provided by the penetration testers.

Enterprises heavily rely on cyber security products for their critical infrastructure protection. Cyber Security Products like – antiviruses, IDS, IPS & Firewalls are highly capable to prevent intrusions only when they are implemented after manual security testing done by penetration testers.  ICSS aims in helping out enterprises to allocate the right budget for cybersecurity. VAPT services help to find out the actual pain area of the organization and taking steps to patch vulnerabilities.


Request for Quotation         Check Out Our Satisfied Clients



CEO & Managing Director

“We see companies websites being Defaced, under Ddos attack and see e-commerce portals losing customers as stored customer credit card information is leaked, financial losses due to tempered data vulnerabilities. Unsecured web applications are like gold mines for hackers, so better be secured than to be harassed publically” – Abhishek Mitra (CEO of ICSS)



CTO & Co-Founder

“ S.A.V.E – Secured AI-based Vulnerability-assessment tool for Enterprise is an Artificial Intelligent tool developed by ICSS which provides vulnerability assessment and gives a detailed report on critical vulnerabilities available on a scale of 1 to 5 where 5 is the highest and most critical. On the basis of the report, our experts try to exploit the vulnerabilities and mimic the real-time hacking scenario” – Samiran Santra (CTO of ICSS)



VAPT – Vulnerability Assessment & Penetration Testing is a common terminology/process that we all know about.

Vulnerability Assessment is the process where we assess the critical infrastructure and check for loopholes for penetrations. In the case of Network Security Service, we assess the entire company web apllications using scanners and other tools to find out vulnerabilities in the web application auditing devices.

Penetration Testing is the phase in the process where the ICSS team of penetration testers mimics the real-time attack and tries to exploit the vulnerabilities to the maximum extent. In the case of network security service, we try to exploit the available vulnerabilities using penetration testing tools as well as manual testing to reduce false positive report.


What are the charges for a Web Penetration Testing Service?

ICSS customer satisfaction strongly depends on cost-effective VAPT solutions and helping the company to allocate the right budget for cybersecurity. We do not aim at competing with the vendors in the cybersecurity product market. Instead, our cybersecurity consultancy aims at consulting the organizations to take actions as per the VAPT report.

Pricing of VAPT penetration testing heavily relies on the two types of penetration testing. “BLACK BOX” testing & “WHITE BOX” testing. Enterprise can select any one type of penetration testing depending on the level of critical infrastructure involved.


BLACK BOX testing – In black-box testing, penetration testers are not given any specific scope by the enterprise and are not accompanied by any internal member from the enterprise. In this type of testing ICSS penetration testers act as real-time black hat hackers and tries to penetrate the organizations’ website infrastructure using all possible means of hacking.

Pricing for Black box testing normally depends on the scope of the project and also the features of the project. It normally is high priced as time spends on penetrating on the application is more as compared to the white box testing.


WHITE BOX testing – In white-box testing the enterprise/organization defines the entire scope of work including the number of web application auditing devices and also their IDs. Web Penetration Tester or any representative from the organization will be associating the penetration tester in the organization. In white-box testing, the entire VAPT process will be monitored by the representative from the organization.

Pricing for White box testing is normally INR 3000/- per devices mentioned in the scope of work.


Steps involved in the process of Web VAPT:

Indian Cyber Security Solutions takes clients data privacy very seriously. Once the scope of the work is finalized between ICSS and the client, they are requested to sign up an NDA agreement.


Step 1 – (Non-Disclosure Agreement signed and agreed by both the parties)

NDA agreement is a Non-Discloser-Agreement signed and agreed by both the parties which primarily states Indian Cyber Security Solutions will never disclose any findings publically which ICSS will come across at the time of testing without the consent of the client.


Step 2- (Network Scanning)

Web penetration testers are invited by the client to their location for network VAPT. Penetration testers strictly follow the SCOPE of work and start scanning the IPs as mentioned in the SCOPE of work. Scanning using different risk assessment tools by the security professionals is the first stage categorized under Vulnerability Assessment.


Step 3 – (Vulnerabilities Assessment)

After the scanning is done we Web penetration testers dig deeper to find out vulnerabilities and assess the level of criticality the vulnerability possess. Web penetration testers mimic the real-time hackers and try to find out maximum vulnerabilities in the network/critical infrastructure, strictly defined in the scope.


Step-4 (Penetration Testing)

Web penetration testers try to exploit the vulnerabilities as per the finding in the process of scanning. Different penetration testing tools are used as per the industry standards in this process. Web penetration testers use different manual techniques to maximize the level of exploit and reduce false-positive reports.


Step 5 (Recommendation)

Web penetration testers generate the vulnerability and penetration testing reports as per the findings. In this VAPT report, we document the vulnerabilities and the level of criticality on a scale of ten. The high level vulnerabilities and the middle level vulnerabilities are instantly sent to the We Penetration Tester head of the client or the manager whoever is relevant. In the report we document possible rectifications that can be made from the clients end to patch the vulnerabilities.


Step 6 (Implementation):

The top-level management of the client and the technical team those who are responsible to take necessary actions as per our recommendation sit for a meeting. Web Penetration testers and the technical team of the client discuss and take appropriate action to patch the vulnerabilities.


Step 7 (Re-Testing)

After patching and fixation of the vulnerabilities by their web administrator or the concerned person who is responsible in this aspect. We do the re-scan for the vulnerabilities and if we found further any vulnerability then we will follow the same process from step 1 to step 6. If no vulnerability were found we issue the VAPT certificate to the client.


Is your Web Application Firewall strong enough to protect your data?


Check out the Demo Web Application Penetration Testing Report:




Web Security is the buzzword in the present I.T. world market. Web security refers to ensuring of appropriate levels of the elements like confidentiality, availability, integrity, auditability and non- repudiability with regard to data or information stored in the computers. Websites nowadays are subject to constant attacks which may be initiated from anywhere in the world either intentionally or unintentionally. All in all web security means defending from inside out and also from outside in.

There have been numerous incidences of a website being compromised for years without even the knowledge of its owners and creators. Whatever may be the purpose of your website, it is always recommended to make arrangements for its proper security and rather be safe than sorry especially in the present context of the cyber world scenario where websites are being hacked rather disdainfully and with a relative amount of ease by hackers. Lest you would have to always stay apprehensive with regard to its safety & fate to go with what impact it might have in your life and/or to your company.

A branch of Information Security that deals particularly with security of websites, web applications and web services is what is known as web security. At present, not only information (cyber) security but web applications too are becoming matters of grave concern relating to target for data breaches & intrusions into networks. Naturally, the business website of a company depending upon web applications is also under threat which indeed is an area of much discomfort for the company.

Our experts, entrusted with the job of maintaining web security make sure that your web applications are in perfect order and harmony. They put into test all the possible areas of your web application including that of servers as well as firewalls. Thus, through their detailed analysis & penetration testing they look after your web security giving no respite to even the slightest of vulnerabilities that might be exploited. The most important aspect that we practice in keeping your web secure is that we don’t believe in catch up.

Our experts at Indian Cyber Security Solutions are always well ahead of the threats & attacks that may come your way as we have mastered the art of prevention rather than cure as we prioritize risks in the most efficient manner & act accordingly. It is a fact that more than 1 million websites are breached worldwide at any given time. But we always back ourselves to combat any security related risks with the kind of knowledge, self-belief, experience and confidence that we possess up our sleeves so that your data and computer are always out of danger.

Some of the areas covered by our experts via pen test comprise of the following:

(A) Injection attacks- SQL injection, command injection, XML injection

(B) Application logic attacks

(C) Input validation-cross-site scripting, cross-site request forgery, buffer overflow

(D) Authentication bypass

(E) Security misconfigurations

Check Out Our Satisfied Clients

To check out our more clients and their case studies Click Here


Want to have a Web Application Security Testing for your business website?

Please Fill All The Details for Consultancy Services:



90% of the websites which got compromised in recent past are due to a coding fault. Service which we provide in WAPT (Web Application Penetration Testing) is to report you the overall vulnerable points in the organization website and their remedial measures but that might not be enough in some cases. Source Code review is an add on service which we provide where we completely check the website coding and find out the flaws.


Web Security


Maintaining a secure online presence is the best reason to undergo Web Application Security Testing, but there are other great reasons, too.

(A) Conducting regular Web Application Security Testing helps you reduce risk, limit vulnerabilities and maintain secure web applications, and meet requirements like 6.6 of the Payment Card Industry Data Security Standard (PCI DSS); and

(B) Frequent Web Application Assessments also help you address HIPAA and HITECH requirements to ensure that your web applications are secure and your protected health information (PHI) is less susceptible to compromise.



Please Fill All The Details for Consultancy Services:

How to secure website (best practices)

How to secure website

A large number of security aspects need to be kept in mind while developing a need-based and more importantly secure website. Well acquaintance with the security features of Windows, ASP.Net, .Net framework, etc. and mastery in understanding security vulnerabilities is essential for creating and managing websites securely. And finally, it is imperative to have the knowledge of proper and timely application of these security features to ensure a secure and smooth running of the website.

The nature of the menace needs to be identified and addressed first with over 90% of websites prone to security hazard. The main objective at this stage should not be restricted only in identifying vulnerabilities that make a website susceptible but making constant endeavour to eliminate them because the kind of vulnerabilities are really growing at the rate of knots. Equal care must be given at the same time to make the process of eradicating potential vulnerabilities from websites and web applications easier and quicker.

There is no surprise that the hackers target the Achilles’ hill which is web applications. And application security is not a one-time check box. It is a continuous phenomenon. Almost every application possesses hundreds of vulnerabilities. So prioritizing of vulnerabilities with accordance to the nature and need of your company is critical as the task becomes much more feasible. Having a well devised plan regarding everything can take your company a long way and make your work a lot more convenient in your attempt of making your website a secured one. Myths that SSL, network firewall or IDS don’t contribute in providing extra shield & security from any angle must be dismissed as soon as possible. Building cognizance is very crucial from within, at least up to a certain decent level. It has been found that many companies don’t even know how many web applications they have & what are they which is by far the most important thing to have a solid grip on since when a concrete inventory of those applications are taken the company itself would get astonished by the fact that how many rogue applications are out there.

Vulnerabilities caused by web applications constitute more than 50% (half) of data breaches that occur in a single year. So it is evident from this that huge precaution, strategy and proper implementation is required to withstand against this storm of cyber attacks that can be launched from anywhere in the world and at any point of time. Thus application security testing of websites has to be rated as one of the, if not the most important practice to secure website. Alongside mention has to be made of source code review which is finding out the flaws (errors) in code which otherwise may so often lead to severe detrimental outcomes. Next is the all important web penetration testing and the network penetration testing in which a real-world attack is simulated against your network infrastructure and information systems to gain hands-on feeling and experience about the actual condition of the vulnerabilities and the risks which can impact the integrity, confidentiality and the availability of your data. Web application firewall is the other line of defence against these cyber attacks which too is very useful indeed especially under some particular circumstances where traditional (normal) firewall cannot function. I.T. security audit is another  important practice in this respect as well from the perspective of maintaining security of the entire information system as a whole. These tests further need to be conducted at frequent interval to get optimum results and continuing security protection.


Following the best practices to secure website provides an online-based company with the much needed boost to carry out its business with confidence and in a swift manner.

At Indian Cyber Security Solutions we always resort to the best practices to secure website by imbibing together the essential elements and the latest security technology so that your data is protected and you never find yourself out of your comfort zone. Our unique & creative white-hat experts try and give their best shot every time they are endowed with the task of preparing the most favorable conditions for a secure website treating the work as of their own so that you never suffer.


Web Application Security Testing


Applications have indeed become the path of least resistance for cyber-attackers around the globe.  Web security is a branch of information security that particularly deals with web pages, web applications and web services and primarily with internet and web system at the higher level.

The advent of Web 2.0 technologies that incorporated complex client-side logic such as JAVA Script and Adobe Flash led to the modern trend of massive digital marketing along with high percentage of information sharing via social media. It resulted in the requirement for a solid base of defence mechanism besides the conventional ones. Since the ever-growing-intelligent and smart hackers either attempt to compromise the corporate network or the end-users accessing the website by subjecting them to drive-by downloading one just cannot afford to be off guard against them even for a while. Thus web application security testing has got to play such a paramount role in maintaining web security.

Cross-site scripting and SQL (XSS) injection attacks are the most common & typical errors that is caused due to defect in codes and failure to sanitize input to and output from the web application. Another very common threat to web applications is phishing which incurred a loss of $1.5 billion globally in 2012.

In order to prevent web attacks and minimise threats, security checkpoints and essential techniques must be employed at early stages and right through the software development lifecycle. The coding part should be done with greater care and emphasis.

Security mechanisms mostly in operation as preventive measures are:

(A) Threat modeling

(B) Risk analysis

(C) Static analysis

(D) Digital signature


Website security testing


The emerging standard body for web application security OWASP (Open Web Application Security Testing) has specifically figured out 10 (ten) detailed major threats against web applications.

These are:

Unvalidated Input  

b) Broken access control   

c) Broken authentication and session management   

d) Cross-site scripting (XSS)  

e) Buffer Overflow 

f) Injection flaws  

g) Improper error handling 

h) Insecure Storage  

i)Denial of Service (DoS)  

j) Insecure configuration management

The Web Application Security Consortium (WASC) has created the Web Hacking Incident Database producing open source best practice documents on web application security.

We have made it our motto to look after your web security with your full potent & commitment. Our work at Indian Cyber Security Solutions is to find and fix all vulnerabilities before hackers &/or intruders can begin their malicious work to damage your company financially, affect its reputation badly and potentially take away your customer’s trust which perhaps have taken you years to build and strengthen. Web security being a significant component of application security happens to be the mainspring of any software security catastrophe. Our experts put themselves in the position of an attacker and perform the testing from the perspective of an attacker. This gives them the most comprehensive and transparent outlook to carry out their job in the most efficient of manner. Another salient feature of our experts at Indian Cyber Security Solutions is that they conduct both automatic and manual web application security testing. By that, they make sure that all the areas of web security are covered. Our expert security team conducts an in-depth vulnerability analysis of the target application. The vulnerabilities we find through web application security testing are exploited with your full permission and without any risks associated with it whatsoever. The entire process is carried out in such a controlled and well-organized fashion that it provides you with the easiest way to set straight your weak links & ultimately rectifying them. Thus through our experts’ expertise the very gateway of your online business is secured. After the completion of the test a meticulous and comprehensive official report is delivered by our team of experts who would take you with the pros & cons of the test making sure that you get a good grasp of the vulnerable points and can take necessary steps to do away with the same. With the performing of web application security testing at frequent intervals and from time to time not only the applications stay protected but the web security too is fortified.



Click one of our representatives below to chat on WhatsApp or send us an email to [email protected]

× Hi How can we help you